Contactless transaction systems use secure contactless smart cards for transaction purposes. Certain exemplary transaction systems include transportation—transit cards, authentication and identity cards, parking cards, and phone cards. An exemplary secure contactless smart card is the MIFARE® card from NXP Semiconductors or an iClass® card from HID Global. Certain conventional smart cards use radio frequency identification (RFID) standards to transmit and receive information to and from a card reader device. RFID based contactless smart card devices are supported via the International Organization for Standardization and the International Electrotechnical Commission standard (ISO/IEC) 14443 for smart cards and card readers. Certain contactless card type devices are enabled using electronic components, such as an antenna and secure memory, and supporting semiconductor components, such as a memory management unit, a processor, and a cryptographic generator.
The different types of software application or application data memory areas include random access memory (RAM), read only memory (ROM), and non-volatile flash memory. These memory areas are typically secure memory areas and store all the secure information required to operate software applications for access, membership, or payment purposes. Certain low end contactless smart cards may not offer significant processing capabilities; these smart cards are often passive and transmit a radio frequency with information from a passive memory. Further, each secure memory area is assigned specific application functions, which are included in the secure element area within the contactless smart card.
Certain contactless smart cards include a platform for hardware and software that supports both EMV (electronic credit card standards) and MIFARE® operating functions. Such cards further include a processor for retaining different areas within combined or separated secure elements of the contactless smart card device. Contactless smart cards are available in different memory sizes, for example, a 4 KB of EEPROM (flash memory) or a 1 KB EEPROM package. However, certain widely used smart cards do not have any intelligent processing capability and are software coded such that certain memory areas alone can be read only by certain card readers. In many widely used contactless transaction cards, such as the MIFARE Classic®, a limited amount of resources are available within the smart card to enable further development. For example, on a 4 KB card, a requirement exists that all of the 4 KB should be active within the card at any given time.
In some secure element namespaces, also referred to as “memory areas” within contactless cards, the available memory is statically partitioned, and the partitions are further encoded in the card reader. Eventually, the card reader reads only from the pre-determined partitions. This division of an already over-subscribed namespace results in frequent collisions, and therefore, anti-collision protocols that further reduce available memory space. Further, limited security protocols are enforced for cards that do not have any processor capabilities. This enforcement may reduce the security options within the card and the card readers compared to, for example, EMV type cards that are commonly used for credit card applications.
Some software applications may limit information stored within the card, as well as the control of the information to owners of the secure keys. On a contactless smart card that includes multiple applications, conflicts and errors arise as a result of shared memory. Further, if the second company needs to protect a part of the data on the card, this protection will not be possible as one key does not offer security over-riding another key. The limited application space, data space, and security with multi-party interests are deficient in the current application. Further, the access keys on the card cannot be updated without permission of key “B” owners.